Yes, I think a passive listener in promiscuous mode would work. And more listeners located around the room would be even better, if their signals could be very precisely correlated in time.
In more detail: CSI is available to the _receiver_ of the wifi packet. In other words:
• Your phone can determine CSI for all AP broadcasts. (Useful for indoor positioning)
• The AP can determine CSI for any packet sent to it. Thus your phone would have to be associated. (Or, at least trying to associate.)
• A passive listener in promiscuous mode should still work -- maybe -- though I couldn't say for certain. The CSI value would not be identical to what the AP receives since the listener is in a different physical location and is not synchronized to the AP. The CSI data is In-phase and Quadrature values which can only be interpreted in relation to the clock that is being used to sample the radio signal. But maybe this approach manages to get around clock sync issues somehow.
• If your finger locations change without any wifi packet transmission, there is no way to detect that.
I'd say the best mitigation is to turn off wifi while typing your password. Then turn it on just before hitting "Submit" or "Enter" or whatever.
In more detail: CSI is available to the _receiver_ of the wifi packet. In other words:
• Your phone can determine CSI for all AP broadcasts. (Useful for indoor positioning)
• The AP can determine CSI for any packet sent to it. Thus your phone would have to be associated. (Or, at least trying to associate.)
• A passive listener in promiscuous mode should still work -- maybe -- though I couldn't say for certain. The CSI value would not be identical to what the AP receives since the listener is in a different physical location and is not synchronized to the AP. The CSI data is In-phase and Quadrature values which can only be interpreted in relation to the clock that is being used to sample the radio signal. But maybe this approach manages to get around clock sync issues somehow.
• If your finger locations change without any wifi packet transmission, there is no way to detect that.
I'd say the best mitigation is to turn off wifi while typing your password. Then turn it on just before hitting "Submit" or "Enter" or whatever.